JP4750348B2 - Managing keys for encrypted media - Google Patents

Managing keys for encrypted media Download PDF

Info

Publication number
JP4750348B2
JP4750348B2 JP2002566946A JP2002566946A JP4750348B2 JP 4750348 B2 JP4750348 B2 JP 4750348B2 JP 2002566946 A JP2002566946 A JP 2002566946A JP 2002566946 A JP2002566946 A JP 2002566946A JP 4750348 B2 JP4750348 B2 JP 4750348B2
Authority
JP
Japan
Prior art keywords
media
key
server
customer device
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
JP2002566946A
Other languages
Japanese (ja)
Other versions
JP2004529534A (en
Inventor
レイク、ウィリアム、マイケル
− スミス、ブライアン、ジェイムズ ドノヴァン
ヒギンズ、ショーン、ジョセフ
マーティン、パトリック、ジョン
Original Assignee
アールピーケイ ニュージーランド リミテッド
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by アールピーケイ ニュージーランド リミテッド filed Critical アールピーケイ ニュージーランド リミテッド
Publication of JP2004529534A publication Critical patent/JP2004529534A/en
Application granted granted Critical
Publication of JP4750348B2 publication Critical patent/JP4750348B2/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/637Control signals issued by the client directed to the server or network components
    • H04N21/6377Control signals issued by the client directed to the server or network components directed to server
    • H04N21/63775Control signals issued by the client directed to the server or network components directed to server for uploading keys, e.g. for a client to communicate its public key to the server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/101Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measures for digital rights management

Abstract

A key or licence management system for the secure online distribution of digitized audio-visual works ("media") using encryption techniques. Encrypted media is stored on a media server while the encryption keys are stored on a media key server. Users acquire rights from online retailers to obtain from the media key server keys corresponding to the media they wish to play. The key server encrypts keys before releasing them, preferably with the user's public key using a public key encryption algorithm. Keys are stored in volatile memory at the user's client device and thus the user is in receipt of the key just in time to play the media.

Description

本発明は、暗号鍵管理システムを用いてデジタル視聴覚著作物(digitised audio-visual works)を安全に流通させることに関する。   The present invention relates to the secure distribution of digitized audio-visual works using an encryption key management system.

従来、語録用視聴覚著作物は、オーディオやビデオ之CDSまたは放送やケーブルテレビ放送によって消費者に直接配信される。適切な帯域幅のインターネットはデジタル視聴覚著作物の配信にたいして実行可能な代替案を提供する。特にインターネットを経由したデジタル配信は、これまでビデオ・オン・デマンド・サービスの発展を阻害してきた問題の解決方法になっている。   Traditionally, audiovisual works for vocabulary are delivered directly to consumers by audio, video CDS, broadcast or cable television broadcast. A suitable bandwidth Internet provides a viable alternative to the distribution of digital audiovisual works. In particular, digital distribution via the Internet has become a solution to the problems that have hindered the development of video-on-demand services.

オーディオ著作物およびビデオ著作物をデジタル化して再生する技術は公知である。デジタル化した著作物がインターネットのようなデータネットワークを介して電子的に流通する場合、ファイルのサイズとネットワークの帯域幅は(圧縮されたときでさえも)、著作物をダウンロードする妥当な時間内で消費者が聴いたり視たりすることを開始できるならば、ストリーミング技術を使用しなければならないことを意味している。ストリーミング・ソフトウエアの一例は、リアル・ネットワークス社のリアル・サーバー(RealServer)とリアル・プレーヤ(RealPlayer)である。   Techniques for digitizing and reproducing audio works and video works are well known. When a digitized work is distributed electronically over a data network such as the Internet, the file size and network bandwidth (even when compressed) is within a reasonable time to download the work. This means that if consumers can start listening and watching, they must use streaming technology. One example of streaming software is Real Networks' RealServer and RealPlayer.

インターネット上でデジタル視聴覚著作物を利用可能にすることに関する1つの問題は、海賊版のコピーが容易につくられて流通し、そのため制作者や著作権所有者の収入が剥奪されることである。視聴覚著作物は、その視聴覚著作物に対して料金を払った消費者によってのみ再生されうることを保証するためのニーズが存在する。   One problem with making digital audiovisual works available on the Internet is that pirated copies are easily made and circulated, thus depriving producers and copyright holders of revenue. There is a need to ensure that an audiovisual work can only be played by consumers who have paid for the audiovisual work.

インターネットを介して流通する視聴覚著作物の無認可使用を管理するために暗号システムが提案されているが、データの復号に必要な鍵の管理が不便、不十分または不適切である。   Cryptographic systems have been proposed to manage unauthorized use of audiovisual works distributed over the Internet, but the management of keys required to decrypt data is inconvenient, insufficient or inappropriate.

したがって、本発明の目的は、データネットワークを介してデジタル視聴覚著作物を安全に流通させる方法を提供することである。   Accordingly, it is an object of the present invention to provide a method for safely distributing digital audiovisual works over a data network.

したがって1つの態様における本発明は、データネットワークを介し消費者に対してデジタル視聴覚著作物(「メディア」)を安全に流通させる方法にあり、この方法は、
各著作物ごとに異なる暗号鍵(「メディア・キー」)を用いて前記メディアを暗号化するステップと、
前記暗号化したメディアを1つまたは複数の第1のサーバーに格納するステップと、
メディア・キーを第2のサーバーに格納するステップと、
1つまたは複数の小売りサーバーを利用可能にして、小売業者によって設定された条件を承知することと引き替えに、消費者がその小売りサーバーから所望のメディアのメディア・キーを受け取る権利を取得することができるステップと、
前記消費者が、ネットワークに接続された顧客装置から選択した小売りサーバーに対し所望のメディア著作物の少なくともメディア・キーを要求するステップと、
前記選択された小売りサーバーにおいて、前記消費者が前記小売り業者(retailer)の条件に合致していることを検証するステップと、
合致している場合は、前記小売りサーバーが、前記要求を前記第2のサーバーに送るか、または前記第2のサーバーに連絡することを可能にするデータを顧客装置に供給するステップと、
前記第2のサーバーにおいて、前記小売りサーバーまたは顧客装置からの要求を満足させる正当性を検証して、正当な場合は、関連するメディア・キーを暗号化し、その暗号化したメディア・キーを前記小売りサーバーまたは前記顧客装置のいずれかにダウンロードするステップと、
前記小売りサーバーが、前記第2のサーバーから暗号化されたメディア・キーを受け取ると、前記暗号化されたメディア・キーを前記顧客装置にダウンロードするステップと、
前記顧客装置において、前記受け取ったメディア・キーを復号して、その復号したメディア・キーをメモリに格納するステップと、
前記顧客装置において、適切な第1のサーバーに対して、前記所望のメディア著作物を供給する要求を発生するステップと、
前記第1のサーバーから前記顧客装置に対して、前記所望の暗号化されたメディア著作物をダウンロードするステップと、
前記顧客装置において、前記メモリから前記メディア・キーを取り出し、取り出したメディア・キーを用い、適切な再生用ソフトウエアを用いてメディア著作物を再生することができる条件に前記メディア著作物を復号するステップと、
を含む。 Accordingly, the present invention in one aspect resides in a method for securely distributing digital audiovisual works (“media”) to consumers over a data network, the method comprising:
Encrypting the media using a different encryption key ("media key") for each work;
Storing the encrypted media on one or more first servers;
Storing the media key on a second server;
Obtaining the right for a consumer to receive a media key for a desired media from the retail server in exchange for making one or more retail servers available and accepting the conditions set by the retailer Possible steps,
Said consumer requesting at least a media key of a desired media work from a retail server selected from a customer device connected to a network;
Verifying at the selected retail server that the consumer meets the retailer's requirements;
If so, the retail server supplies data to the customer device that allows the request to be sent to the second server or contacted to the second server;
The second server verifies the validity of satisfying the request from the retail server or customer device and, if valid, encrypts the associated media key and uses the encrypted media key as the retail server. Downloading to either a server or said customer device;
When the retail server receives the encrypted media key from the second server, downloading the encrypted media key to the customer device;
Decrypting the received media key in the customer device and storing the decrypted media key in memory;
Generating a request to supply the desired media work to an appropriate first server at the customer device;
Downloading the desired encrypted media work from the first server to the customer device;
In the customer device, the media key is taken out from the memory, and the media work is decrypted on the condition that the media work can be played back using appropriate playback software using the taken out media key. Steps,
including.

本発明の考え方は、インターネットを介して、他のデジタル製品を安全に流通させるためにも適用されうる。したがって、さらなる態様における本発明は、データネットワークを介してデジタル製品を消費者に安全に流通させる方法にあり、この方法は、
各製品ごとに異なる暗号鍵(「製品キー」)を用いて前記製品を暗号化するステップと、
前記暗号化された製品を第1のサーバーに格納するステップと、
前記製品キーを第2のサーバーに格納するステップと、
各製品と各製品に対応するキーとに対応するとともに、前記メディア著作物と前記製品および製品キーのそれぞれの位置とを識別する情報を含むステアリングファイルをつくり出すステップと、
消費者が購入する各製品に対応するステアリング・ファイルを第3のサーバー上で利用可能にするステップと、
前記ステアリング・ファイルが、ネットワークに接続され前記消費者にアクセス可能な顧客のコンピュータ装置上で実行されると、前記第2のサーバーに対して、前記ステアリング・ファイルの中で識別された前記製品のキーを要求するステップと、
前記第2のサーバーにおいて、前記消費者に独特のキーに該当する前記製品キーを暗号化し、その暗号化した製品キーを前記顧客装置にダウンロードするステップと、
前記顧客装置において前記製品キーを復号し、その復号した製品キーをメモリに格納するステップと、
前記顧客装置から前記第1のサーバーに対して、前記ステアリング・ファイルで識別された前記製品を配信する要求を発生するステップと、
前記暗号化された製品を前記第1のサーバーから前記顧客装置に対してダウンロードするステップと、
前記メモリから前記製品キーを取り出し、取り出した製品キーを用いて前記製品を、すぐに用いられる条件に復号するステップと、
を含む。 The idea of the present invention can also be applied to safely distribute other digital products over the Internet. Accordingly, the invention in a further aspect resides in a method for securely distributing digital products to consumers over a data network, the method comprising:
Encrypting the product using a different encryption key ("product key") for each product;
Storing the encrypted product on a first server;
Storing the product key on a second server;
Creating a steering file corresponding to each product and a key corresponding to each product and including information identifying the media work and the respective location of the product and the product key;
Making the steering file corresponding to each product the consumer purchases available on a third server;
When the steering file is executed on a customer computing device that is connected to the network and accessible to the consumer, the second server is notified of the product identified in the steering file. Requesting a key;
Encrypting the product key corresponding to a key unique to the consumer at the second server and downloading the encrypted product key to the customer device;
Decrypting the product key in the customer device and storing the decrypted product key in memory;
Generating a request from the customer device to deliver the product identified in the steering file to the first server;
Downloading the encrypted product from the first server to the customer device;
Retrieving the product key from the memory and decrypting the product to a ready-to-use condition using the retrieved product key;
including.

望ましくは、公開鍵暗号システムを用いて顧客装置にダウンロードするメディア・キーを暗号化するが、これを容易にするのは、顧客装置は消費者の公開鍵を第2のサーバーにアップロードすることである。   Preferably, the media key to be downloaded to the customer device is encrypted using a public key cryptosystem, which facilitates this by uploading the consumer's public key to the second server. is there.

本発明は、メディアをストリーミングする方法で視聴覚著作物のようなコンテンツを安全にオンライン配信することを特に考慮しているが、それに限定されるものではない。コンテンツが暗号化され、鍵管理システム(key management system)または権利管理(rights management)システムが確定されて、認可されたユーザーだけがコンテンツを復号して再生することができる。暗号化されたコンテンツが、暗号鍵またはアクセス権と切り離して利用可能になり、消費者によってこれらのアクセス権や鍵が購入され、メディアも鍵も保持していない事業体(entity)から取得されないことは本発明の重要部分である。それだけでなく、3つの機能のすべてが別々のサーバー・サイトとは別の事業体によって管理される場合は、安全性が最高になる。   The present invention specifically contemplates the secure online distribution of content such as audiovisual works in a method of streaming media, but is not limited thereto. The content is encrypted and a key management system or rights management system is established so that only authorized users can decrypt and play the content. Encrypted content is made available separately from encryption keys or access rights, and these access rights and keys are purchased by consumers and are not obtained from entities that do not hold media or keys. Is an important part of the present invention. Not only that, but when all three functions are managed by a separate entity from separate server sites, security is best.

本発明は、復号化処理機能を備えた汎用コンピュータ(たとえば、PC)や特定用途向け計算装置(たとえば、セット・トップ・ボックス)で構成される顧客装置を用いることによって、暗号化されたメディアにアクセスしたい消費者またはエンドユーザーにメディア・キーを配信する。暗号化されたメディアは、ストリームまたはファイルで構成される。同時に(マルチ・キャスト)または個々の受信者ごとに(ユニ・キャスト)、さもなければファイルのダウンロード機構によって二人以上の受信者にメディアを配信できることを意図している場合は、暗号化事業体は、この目的のために発生するメディア・キーを用いて暗号化を実行するであろうから、このメディア・キーが、認可されたエンドユーザーだけに配信される鍵である。公開鍵アルゴリズムを用いてメディアを暗号化する場合、この文脈で用いられる「メディア・キー」という用語は、メディアを復号するために必要な秘密鍵または復号鍵を意味することとしたい。   The present invention can be applied to encrypted media by using a customer device composed of a general-purpose computer (for example, a PC) equipped with a decryption processing function or an application-specific computing device (for example, a set top box). Distribute media keys to consumers or end users who want access. The encrypted media is composed of a stream or a file. A cryptographic entity if it is intended to deliver media to more than one recipient at the same time (multicast) or for each individual recipient (unicast), or otherwise via a file download mechanism Will perform encryption using a media key generated for this purpose, so this media key is a key that is distributed only to authorized end users. When encrypting media using a public key algorithm, the term “media key” as used in this context is intended to mean a secret key or decryption key required to decrypt the media.

ここで説明したシステムにおけるメディア・キーは、「キー・サーバー」と呼ぶエージェントまたは事業体によってエンドユーザーに配信される。暗号化事業体による実際のメディアの暗号化に続いて、メディア・キーが、キー・サーバーに安全に送信または配信される。暗号化事業体は、何らかの一般的な手段を用いて、マルチ・キャスト・ストリーミングまたはユニ・キャスト・ストリーミングあるいはファイル・ダウンロード機構のいずれかによってエンドユーザーにメディアを配信する役割の「メディア・サーバー」に対し、暗号化されたメディアを送信または配信する。コンテンツ・プロバイダによって2つ以上のメディア・サーバーが利用される。メディアの安全性を最高にするためには、キー・サーバーとメディア・サーバーが別々の事業体によって管理されることが重要である。   Media keys in the systems described herein are distributed to end users by agents or entities called “key servers”. Following the actual media encryption by the encryption entity, the media key is securely transmitted or distributed to the key server. Cryptographic entities may use any common means to become a “media server” responsible for delivering media to end users through either multicast or unicast streaming or file download mechanisms. On the other hand, the encrypted media is transmitted or distributed. Two or more media servers are utilized by the content provider. In order to maximize media security, it is important that the key server and media server be managed by separate entities.

メディア・サーバーからエンドユーザーにメディア・ストリームを配信することができる手段のうち、現在利用可能な手段の一例は、リアル・ネットワークス社によって製造されたソフトウエア、リアル・サーバーとリアル・プレーヤである。   Among the means by which media streams can be delivered from media servers to end users, examples of currently available means are software manufactured by Real Networks, Real Servers and Real Players. .

図1を参照すると、「ジャスト・イン・タイム」で用いるようにメディア・キーを配信するために提案したシステムの一実施例におけるエンドユーザーは、要求する12ことによって、小売業者11(つまり、インターネットの「ストア」または「ショップ」)から、後でユーザーにダウンロード13されるユーザーが選んだメディア著作物の「ステアリング・ファイル」1を取得する。このファイルには、顧客装置10上で実行して、2つの要求、つまり1つは適切なメディア・キーに対する要求、他の1つはユーザーが選んだ暗号化されたメディアに対する要求をするユーザーのソフトウエアによって必要となる情報が含まれている。後者の機能は、ユーザーがメディア・キーを取得する時刻に関係なく、かつメディア・キーを取得する異なる時刻に暗号化メディアを取得するようになっているいくつかのビジネス・モデルでは省略されることがある。小売りストア11は、コンテンツ・プロバイダがもっているメディアの全作品のステアリング・ファイルを構築できるように十分なメディア情報を含むデータベース14を以前からダウンロードまたは更新16しているであろう。これらのメディアは、いろいろな従来のオンライン支払い手法または部分的なオンライン支払い手法を用いてエンドユーザーに販売される。   Referring to FIG. 1, an end user in one embodiment of a proposed system for distributing media keys for use in “just in time” requires a retailer 11 (ie Internet The “steering file” 1 of the media work selected by the user, which is downloaded 13 by the user later, is obtained from the “store” or “shop” of FIG. This file contains the user's request to run on the customer device 10, one requesting the appropriate media key and the other requesting the encrypted media chosen by the user. Contains information required by the software. The latter feature is omitted in some business models that are designed to acquire encrypted media regardless of when the user obtains the media key and at different times when the media key is obtained. There is. The retail store 11 would have previously downloaded or updated 16 the database 14 containing sufficient media information so that a content provider can build a steering file for all of the media's work. These media are sold to end users using a variety of conventional online payment techniques or partial online payment techniques.

適切なステアリング・ファイル・フォーマットの一例は、遠隔サーバー上のメディアに対する複数の要求を構成し同期をとるリアル・プレーヤによって共通的に用いられるSMILファイルである。この目的に用いるSMILファイルの一例は、

である。 One example of a suitable steering file format is a SMIL file that is commonly used by real players to construct and synchronize multiple requests for media on a remote server. An example of a SMIL file used for this purpose is

It is.

このステアリング・ファイルは、ほかにもメディア配信メタファイル(Media Delivery Metafle:MDM)によってつくられてもよく、次に示すものはその一例である。
This steering file may also be created by a Media Delivery Metafile (MDM), for example:

このSMILファイルにより、まず顧客装置上のユーザーのソフトウエア(たとえばリアル・プレーヤ)が、キー・サーバー3に対して、SMILファイルが関連しているメディアに対応するメディア・キーの要求を送る。この要求をするために必要なに情報は、キー・サーバー3の位置と、どのメディア・キーが要求されているかキー・サーバーが決定できるようにする情報とが含まれる。この要求をする処理には、エンドユーザーが自身の公開鍵4をキー・サーバー3に送信する手段が含まれ、さらに他の識別情報または認証情報をキー・サーバーに送信することを含めてもよい。公開鍵アルゴリズムを用いてメディア・キーを暗号化することが望ましく、これを容易にするのは、ユーザーの公開鍵4がキー・サーバーに提供されることである。   With this SMIL file, the user's software (eg, a real player) on the customer device first sends a request to the key server 3 for a media key corresponding to the media with which the SMIL file is associated. The information needed to make this request includes the location of the key server 3 and information that allows the key server to determine which media key is being requested. The process of making this request includes means for the end user to send his / her public key 4 to the key server 3, and may further include sending other identification information or authentication information to the key server. . It is desirable to encrypt the media key using a public key algorithm, which facilitates this by providing the user's public key 4 to the key server.

エンドユーザーが要求した鍵を受け取る資格があることを、本システムとは別の手段によってキー・サーバー3が確証すると、キー・サーバー3は、エンドユーザーの公開鍵によってメディア・キーを暗号化し、暗号化したそのメディア・キー5をエンドユーザーに送る。エンドユーザーのソフトウエア(たとえば、リアル・プレーヤの復号用「プラグイン」)は、暗号化したメディア・キーを、望ましくは揮発性メモリ5に格納するか、代替方法として、エンドユーザーの秘密鍵15を使ってメディア・キーを直ちに復号し、揮発性メモリにクリア・メディア・キーを格納してもよい。メディア・キーは、揮発性メモリ(たとえば、RAM)の中に常駐させ、ハードディスクドライブに格納された場合よりもずっと安全にして、ペイ・パー・ビュー・ビジネス・モデルが適用されても無認可の繰り返し利用を防止するように考えられている。   When the key server 3 verifies that the end user is entitled to receive the requested key by means other than the system, the key server 3 encrypts the media key with the end user's public key, The converted media key 5 is sent to the end user. End user software (eg, a real player decryption “plug-in”) preferably stores the encrypted media key in volatile memory 5 or, alternatively, the end user's private key 15. May be used to immediately decrypt the media key and store the clear media key in volatile memory. Media keys reside in volatile memory (eg, RAM), are much more secure than if they were stored on a hard disk drive, and are unauthorized and repetitive even when the pay-per-view business model is applied It is considered to prevent use.

暗号化されたメディア・キーを受信すると、ステアリング・ファイル1により、ユーザーのソフトウエアは、暗号化されたメディアを配信することをメディア・サーバー8に対して要求する7。メディアがダウンロード9されて(ストリーム配信の場合は第1の暗号化されたパケット、またはダウンロード配信の場合は暗号化された全ファイルが)到着すると、暗号化形式で格納されていた場合は、前に説明したように非対称的に復号されるメディア・キーが、揮発性メモリ5から取り出され、メディアを復号するために用いられるので、メディアを視たり聴いたりすることができ、あるいは反対に用いることができない。   Upon receipt of the encrypted media key, the steering file 1 causes the user's software to request 7 the media server 8 to deliver the encrypted media. When the media is downloaded 9 and arrives (first encrypted packet for stream delivery, or all encrypted files for download delivery), if it was stored in encrypted form, As described above, the asymmetrically decrypted media key is taken from the volatile memory 5 and used to decrypt the media so that the media can be viewed and listened to, or vice versa I can't.

ちょうどいま説明した実施例における小売りストア11は、ユーザーの要求に応答して、ステアリング情報を含むステアリング・ファイルを構築する。このステアリング・ファイルには、キー・サーバー・マネージャーから事前に取得した資格付与の情報(たとえば、独自の電子「切符」)が含まれる。しかし、他の実施例における小売りストアは、そのようなステアリング情報の在庫を維持できないので、ユーザーからの要求を受信する2たびに、直接キー・サーバー3から情報を取得することができる。キー・サーバー3は、ユーザーにダウンロードするステアリング情報を小売りストア11に配信してもよいし、代替方法としてユーザーの顧客装置10に直接ステアリング情報をダウンロードしてもよい。検証手続きは、それぞれ支払いと資格付与を検証する小売りストア11とキー・サーバー3によって実行される。   The retail store 11 in the embodiment just described builds a steering file that includes steering information in response to a user request. This steering file contains entitlement information (eg, a unique electronic “ticket”) previously obtained from the key server manager. However, since the retail store in other embodiments cannot maintain such steering information inventory, it can obtain information directly from the key server 3 every time it receives a request from the user. The key server 3 may distribute the steering information to be downloaded to the user to the retail store 11 or may download the steering information directly to the user's customer device 10 as an alternative method. The verification procedure is performed by the retail store 11 and the key server 3 that verify payment and entitlement, respectively.

第3の実施例においては、ユーザーがメディア・サーバー8のステアリング情報を含むファイルを受信するが、キー・サーバー3のステアリング情報のかわりにこのファイルの中で暗号化された鍵を実際に受信するように第2の実施例を修正することによって効率ゲインが達成される。これはキー・サーバー3によって直接ダウンロードされてもよいし、小売りストア11を介してダウンロードされ、このユーザーに転送されてもよい。このようなシナリオにおけるステアリング・ファイルの情報は、メディア・サーバーの位置とユーザーによって選ばれた暗号化されたメディアの識別子とを含むだけであろう。第1の実施例のように、ユーザーのソフトウエアは、そのメディアに関連していてメディアの復号を可能にする鍵を所有していないかぎり、暗号化されたメディアを再生することはできない。   In the third embodiment, the user receives a file containing the steering information of the media server 8 but actually receives the encrypted key in this file instead of the steering information of the key server 3. Thus, an efficiency gain is achieved by modifying the second embodiment. This may be downloaded directly by the key server 3 or downloaded via the retail store 11 and forwarded to this user. The steering file information in such a scenario would only include the location of the media server and the encrypted media identifier chosen by the user. As in the first embodiment, the user's software cannot play the encrypted media unless it has a key associated with the media that allows the media to be decrypted.

説明したこのシステムの利点は、
(a)認可された受信者のみがメディア・キーにアクセスでき、
(b)鍵を管理するビジネス上の責任と機能的責任は、暗号化されたメディアを管理する責任と切り離され、
(c)メディア・キーは、メディアを復号するために用いられるメディア・キーとして、「ジャスト・イン・タイム」でエンドユーザーに配信され、
(d)メディア・キーは、認可されたユーザーの公開鍵で暗号化されていないかぎり、信頼できるキー・サーバー以外のどこにも送信されずかつ格納されず、
(e)エンドユーザーによる使用に必要なシステムの各種ステップは非常に簡単なので、安全化手法や暗号化手法に関する特殊な知識や能力は、このシステムを使用するユーザーに必要がない、
ことである。 The advantages of this system described are
(A) Only authorized recipients can access the media key,
(B) The business and functional responsibilities for managing keys are separated from the responsibility for managing encrypted media;
(C) The media key is delivered to the end user “just in time” as the media key used to decrypt the media;
(D) the media key is not sent or stored anywhere other than a trusted key server, unless encrypted with the authorized user's public key;
(E) Since the various steps of the system required for use by the end user are very simple, no special knowledge or ability regarding the security method or encryption method is necessary for the user using this system.
That is.

デジタル化された視聴覚著作物の鍵管理システムを図式的に表した図である。1 is a diagram schematically showing a digital audio-visual work key management system. FIG.

Claims (4)

データネットワークを介し消費者に対してデジタル視聴覚著作物(メディア)を安全に流通させる方法であって、
暗号化エンティティーは、メディア・キーを用いてメディアを暗号化し、暗号化されたメディアをメディア・サーバーに転送し、メディア・キーをキー・サーバーに転送し、このメディア・サーバーとキー・サーバーは別箇のエンティティーで管理され、
一つ又は複数のサーバーにおいてステアリング・ファイルを形成し、各々のステアリング・ファイルは各々のメディアとその対応するメディア・キーに対応し、前記ステアリング・ファイルはメディアとメディア・キーの位置を識別する情報を含み、前記ステアリング・ファイルを一つ又は複数の小売サーバーで利用可能として、顧客装置で処理される時点で前記ステアリング・ファイルで識別されたメディアに対してメディア・キーの前記キー・サーバーに要求を行い、前記メディア・サーバーに対して前記ステアリング・ファイル中で識別される暗号化されたメディアを供給するよう要求し、
一つの小売サーバーにおいて、前記メディアに対するエンド・ユーザーからのステアリング・ファイルに対する要求を受け取り、前記ステアリング・ファイルを顧客装置にダウンロードし、当該ステアリング・ファイルは前記メディア・キーと暗号化メディアとを要求する顧客装置上のユーザーのソフトウエアの情報を含み、
前記キー・サーバーにおいて、前記メディア・キーへの要求を受け取り、当該ステアリング・ファイルは前記顧客装置上のユーザーのソフトウエアに前記要求を送らせ、
キー・サーバーが、外部手段にエンド・ユーザーが要求されたメディア・キーを受け取る資格があると判断した場合には、メディア・キーを暗号化し、当該メディア・キーを前記エンド・ユーザーにダウンロードし、
前記メディア・サーバーにおいて、前記暗号化されたメディアを配達する要求を受けて、前記メディアを前記顧客装置にダウンロードし、前記ステアリング・ファイルは前記顧客装置上のユーザー・ソフトウエアに作用して前記暗号化されたメディアを配達するよう要求し、
前記顧客装置において、前記メディア・キーを復号化し、当該復号化されたメディア・キーを用いて前記暗号化されたメディアを復号化して、聴取する、ことを特徴とする方法。A method for safely distributing digital audio-visual works (media) to consumers via a data network,
The encryption entity encrypts the media with the media key, forwards the encrypted media to the media server, forwards the media key to the key server, and the media server and key server Managed by a separate entity,
A steering file is formed at one or more servers, each steering file corresponding to each media and its corresponding media key, said steering file being information identifying the location of the media and media key Requesting the key server for a media key for the media identified in the steering file at the time it is processed by a customer device, making the steering file available to one or more retail servers Requesting the media server to supply encrypted media identified in the steering file;
A retail server receives a request for a steering file from the end user for the media, downloads the steering file to a customer device, and the steering file requests the media key and encrypted media Contains information about the user's software on the customer device,
The key server receives a request for the media key and the steering file causes the user software on the customer device to send the request;
If the key server determines that the external user is entitled to receive the requested media key in an external means, it encrypts the media key, downloads the media key to the end user,
The media server receives the request to deliver the encrypted media, downloads the media to the customer device, and the steering file acts on user software on the customer device to operate the encryption. Request delivery of categorized media,
The customer device decrypts the media key, decrypts the encrypted media using the decrypted media key, and listens. 請求項1に記載の方法であって、前記キー・サーバーは公開鍵暗号化アルゴリズムを用いて前記メディア・キーを暗号化し、前記顧客装置上のユーザーのソフトウエアがメディア・キーに対する要求を送ると、その要求はエンド・ユーザーの公開鍵を含み、前記メディア・サーバーは前記公開鍵暗号化アルゴリズムと消費者の公開鍵を使って前記メディア・キーを暗号化し、前記暗号化されたメディア・キーを受信すると、前記顧客装置は前記エンド・ユーザーの公開鍵を用いて前記暗号化されたメディア・キーを復号する、ことを特徴とする方法。  2. The method of claim 1, wherein the key server encrypts the media key using a public key encryption algorithm and the user software on the customer device sends a request for the media key. The request includes an end user's public key, and the media server encrypts the media key using the public key encryption algorithm and a consumer's public key, and stores the encrypted media key. Upon receipt, the customer device decrypts the encrypted media key using the end user's public key. データネットワーク上でデジタル化された著作物を消費者に安全に流通させる方法であって、
前記著作物をメディア・キーを用いて暗号化し、
前記暗号化された著作物を第1のサーバーに格納し、
前記暗号化鍵を第2のサーバーに格納し、
前記各々の著作物対応する鍵に対応する一つ又は複数のサーバーにステアリング・ファイルを構成し、当該ステアリング・ファイルは前記著作物と前記暗号化された鍵の位置を識別する情報を含み、
第3のサーバー上で、各々の著作物に対応するステアリング・ファイルを利用して消費者に購買可能とし、
前記ステアリング・ファイルはネットワークで接続された顧客装置で実行されると、前記消費者にアクセス可能で当該ステアリング・ファイルは前記顧客装置を動作させて前記第2のサーバーに前記ステアリング・ファイルで識別された著作物の暗号化鍵を要求させ、
前記第2のサーバーで、前記関連する暗号化鍵を前記消費者に固有の鍵で暗号化して、前記顧客装置にダウンロードし、
前記暗号化鍵を前記顧客装置で復号化してメモリに格納し、
前記顧客装置から前記第1のサーバーに要求して、前記ステアリング・ファイルで識別された著作物を配達し、
前記暗号化された著作物を前記第1のサーバーから前記顧客装置にダウンロードし、
前記メモリから前記暗号化鍵を検索し、当該暗号化鍵を用いて前記著作物を復号化して聴取する、
ステップからなる方法。A method for safely distributing digitalized works over a data network to consumers,
Encrypt the work using a media key,
Storing the encrypted work on a first server;
Storing the encryption key in a second server;
Configuring a steering file on one or more servers corresponding to the key corresponding to each of the copyrighted works, the steering file including information identifying the location of the copyrighted work and the encrypted key;
On the third server, you can make purchases to consumers using the steering file corresponding to each copyrighted work,
When the steering file is executed by a customer device connected via a network, the consumer file is accessible and the steering file is identified by the second server by operating the customer device. Request an encryption key for the copyrighted work,
The second server encrypts the associated encryption key with a key unique to the consumer and downloads it to the customer device;
Decrypting the encryption key with the customer device and storing it in memory;
Request from the customer device to the first server to deliver the work identified in the steering file;
Downloading the encrypted work from the first server to the customer device;
Retrieve the encryption key from the memory, decrypt the work using the encryption key and listen to it;
A method consisting of steps. 請求項3に記載の方法であって、さらに、第3のサーバーで認証手続きを行い、前記第2のサーバーは支払いと資格の認証をそれぞれ行う、ことを特徴とする方法。  4. The method according to claim 3, further comprising performing an authentication procedure at a third server, wherein the second server performs payment and qualification authentication, respectively.
JP2002566946A 2001-02-21 2002-02-19 Managing keys for encrypted media Expired - Lifetime JP4750348B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US26984501P 2001-02-21 2001-02-21
US60/269,845 2001-02-21
PCT/NZ2002/000018 WO2002067548A1 (en) 2001-02-21 2002-02-19 Encrypted media key management

Related Child Applications (1)

Application Number Title Priority Date Filing Date
JP2008187229A Division JP2008252956A (en) 2001-02-21 2008-07-18 Encrypted media key management

Publications (2)

Publication Number Publication Date
JP2004529534A JP2004529534A (en) 2004-09-24
JP4750348B2 true JP4750348B2 (en) 2011-08-17

Family

ID=23028885

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2002566946A Expired - Lifetime JP4750348B2 (en) 2001-02-21 2002-02-19 Managing keys for encrypted media
JP2008187229A Pending JP2008252956A (en) 2001-02-21 2008-07-18 Encrypted media key management

Family Applications After (1)

Application Number Title Priority Date Filing Date
JP2008187229A Pending JP2008252956A (en) 2001-02-21 2008-07-18 Encrypted media key management

Country Status (6)

Country Link
US (1) US7076067B2 (en)
EP (1) EP1371170B1 (en)
JP (2) JP4750348B2 (en)
AT (1) ATE324721T1 (en)
DE (2) DE60228509D1 (en)
WO (1) WO2002067548A1 (en)

Families Citing this family (129)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7188352B2 (en) 1995-07-11 2007-03-06 Touchtunes Music Corporation Intelligent digital audiovisual playback system
US7424731B1 (en) 1994-10-12 2008-09-09 Touchtunes Music Corporation Home digital audiovisual information recording and playback system
DK0786121T3 (en) 1994-10-12 2000-07-03 Touchtunes Music Corp Digital, intelligent audio-visual reproduction system
US8661477B2 (en) 1994-10-12 2014-02-25 Touchtunes Music Corporation System for distributing and selecting audio and video information and method implemented by said system
FR2753868A1 (en) 1996-09-25 1998-03-27 Technical Maintenance Corp METHOD FOR SELECTING A RECORDING ON AN AUDIOVISUAL DIGITAL REPRODUCTION SYSTEM AND SYSTEM FOR IMPLEMENTING THE METHOD
FR2769165B1 (en) 1997-09-26 2002-11-29 Technical Maintenance Corp WIRELESS SYSTEM WITH DIGITAL TRANSMISSION FOR SPEAKERS
FR2781582B1 (en) 1998-07-21 2001-01-12 Technical Maintenance Corp SYSTEM FOR DOWNLOADING OBJECTS OR FILES FOR SOFTWARE UPDATE
US8028318B2 (en) 1999-07-21 2011-09-27 Touchtunes Music Corporation Remote control unit for activating and deactivating means for payment and for displaying payment status
FR2781591B1 (en) 1998-07-22 2000-09-22 Technical Maintenance Corp AUDIOVISUAL REPRODUCTION SYSTEM
FR2781580B1 (en) 1998-07-22 2000-09-22 Technical Maintenance Corp SOUND CONTROL CIRCUIT FOR INTELLIGENT DIGITAL AUDIOVISUAL REPRODUCTION SYSTEM
US8726330B2 (en) 1999-02-22 2014-05-13 Touchtunes Music Corporation Intelligent digital audiovisual playback system
FR2796482B1 (en) 1999-07-16 2002-09-06 Touchtunes Music Corp REMOTE MANAGEMENT SYSTEM FOR AT LEAST ONE AUDIOVISUAL INFORMATION REPRODUCING DEVICE
FR2805377B1 (en) 2000-02-23 2003-09-12 Touchtunes Music Corp EARLY ORDERING PROCESS FOR A SELECTION, DIGITAL SYSTEM AND JUKE-BOX FOR IMPLEMENTING THE METHOD
FR2805072B1 (en) 2000-02-16 2002-04-05 Touchtunes Music Corp METHOD FOR ADJUSTING THE SOUND VOLUME OF A DIGITAL SOUND RECORDING
FR2805060B1 (en) 2000-02-16 2005-04-08 Touchtunes Music Corp METHOD FOR RECEIVING FILES DURING DOWNLOAD
FR2808906B1 (en) 2000-05-10 2005-02-11 Touchtunes Music Corp DEVICE AND METHOD FOR REMOTELY MANAGING A NETWORK OF AUDIOVISUAL INFORMATION REPRODUCTION SYSTEMS
FR2811175B1 (en) 2000-06-29 2002-12-27 Touchtunes Music Corp AUDIOVISUAL INFORMATION DISTRIBUTION METHOD AND AUDIOVISUAL INFORMATION DISTRIBUTION SYSTEM
FR2811114B1 (en) 2000-06-29 2002-12-27 Touchtunes Music Corp DEVICE AND METHOD FOR COMMUNICATION BETWEEN A SYSTEM FOR REPRODUCING AUDIOVISUAL INFORMATION AND AN ELECTRONIC ENTERTAINMENT MACHINE
US8140859B1 (en) 2000-07-21 2012-03-20 The Directv Group, Inc. Secure storage and replay of media programs using a hard-paired receiver and storage device
US7457414B1 (en) 2000-07-21 2008-11-25 The Directv Group, Inc. Super encrypted storage and retrieval of media programs with smartcard generated keys
FR2814085B1 (en) 2000-09-15 2005-02-11 Touchtunes Music Corp ENTERTAINMENT METHOD BASED ON MULTIPLE CHOICE COMPETITION GAMES
US20020114453A1 (en) * 2001-02-21 2002-08-22 Bartholet Thomas G. System and method for secure cryptographic data transport and storage
IL157854A0 (en) * 2001-03-28 2004-03-28 Digital rights management system and method
FR2824212A1 (en) * 2001-04-25 2002-10-31 Thomson Licensing Sa METHOD FOR MANAGING A SYMMETRIC KEY IN A COMMUNICATION NETWORK AND DEVICES FOR IMPLEMENTING IT
US20030023862A1 (en) * 2001-04-26 2003-01-30 Fujitsu Limited Content distribution system
US6876984B2 (en) * 2001-05-31 2005-04-05 Contentguard Holdings, Inc. Method and apparatus for establishing usage rights for digital content to be created in the future
US8275716B2 (en) 2001-05-31 2012-09-25 Contentguard Holdings, Inc. Method and system for subscription digital rights management
US7257844B2 (en) * 2001-07-31 2007-08-14 Marvell International Ltd. System and method for enhanced piracy protection in a wireless personal communication device
US7409562B2 (en) 2001-09-21 2008-08-05 The Directv Group, Inc. Method and apparatus for encrypting media programs for later purchase and viewing
JP2003108520A (en) * 2001-09-28 2003-04-11 Canon Inc Information providing server, terminal device, its control method and information providing system
US20030118188A1 (en) * 2001-12-26 2003-06-26 Collier David C. Apparatus and method for accessing material using an entity locked secure registry
US8261059B2 (en) * 2001-10-25 2012-09-04 Verizon Business Global Llc Secure file transfer and secure file transfer protocol
ATE443970T1 (en) * 2001-12-11 2009-10-15 Ericsson Telefon Ab L M METHOD OF LEGAL MANAGEMENT FOR STREAMING MEDIA
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US7681034B1 (en) 2001-12-12 2010-03-16 Chang-Ping Lee Method and apparatus for securing electronic data
US7921288B1 (en) * 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US7260555B2 (en) 2001-12-12 2007-08-21 Guardian Data Storage, Llc Method and architecture for providing pervasive security to digital assets
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US7380120B1 (en) 2001-12-12 2008-05-27 Guardian Data Storage, Llc Secured data format for access control
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7783765B2 (en) 2001-12-12 2010-08-24 Hildebrand Hal S System and method for providing distributed access control to secured documents
US7565683B1 (en) 2001-12-12 2009-07-21 Weiqing Huang Method and system for implementing changes to security policies in a distributed security system
USRE41546E1 (en) 2001-12-12 2010-08-17 Klimenty Vainstein Method and system for managing security tiers
US8006280B1 (en) 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US7178033B1 (en) 2001-12-12 2007-02-13 Pss Systems, Inc. Method and apparatus for securing digital assets
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US7400729B2 (en) * 2001-12-28 2008-07-15 Intel Corporation Secure delivery of encrypted digital content
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
US8613102B2 (en) 2004-03-30 2013-12-17 Intellectual Ventures I Llc Method and system for providing document retention using cryptography
US7512810B1 (en) 2002-09-11 2009-03-31 Guardian Data Storage Llc Method and system for protecting encrypted files transmitted over a network
US7822687B2 (en) 2002-09-16 2010-10-26 Francois Brillon Jukebox with customizable avatar
US8103589B2 (en) 2002-09-16 2012-01-24 Touchtunes Music Corporation Digital downloading jukebox system with central and local music servers
US8151304B2 (en) 2002-09-16 2012-04-03 Touchtunes Music Corporation Digital downloading jukebox system with user-tailored music management, communications, and other tools
US11029823B2 (en) 2002-09-16 2021-06-08 Touchtunes Music Corporation Jukebox with customizable avatar
US10373420B2 (en) 2002-09-16 2019-08-06 Touchtunes Music Corporation Digital downloading jukebox with enhanced communication features
US8332895B2 (en) 2002-09-16 2012-12-11 Touchtunes Music Corporation Digital downloading jukebox system with user-tailored music management, communications, and other tools
US9646339B2 (en) 2002-09-16 2017-05-09 Touchtunes Music Corporation Digital downloading jukebox system with central and local music servers
US8584175B2 (en) 2002-09-16 2013-11-12 Touchtunes Music Corporation Digital downloading jukebox system with user-tailored music management, communications, and other tools
US7836310B1 (en) 2002-11-01 2010-11-16 Yevgeniy Gutnik Security system that uses indirect password-based encryption
US7474326B2 (en) * 2002-11-04 2009-01-06 Tandberg Telecom As Inter-network and inter-protocol video conference privacy method, apparatus, and computer program product
US7890990B1 (en) 2002-12-20 2011-02-15 Klimenty Vainstein Security system with staging capabilities
DE10317037A1 (en) * 2003-04-14 2004-11-04 Orga Kartensysteme Gmbh Process for protecting data against unauthorized use on a mobile device
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
JP4117615B2 (en) * 2003-06-30 2008-07-16 ソニー株式会社 Temporary storage management device, temporary storage management method, and temporary storage management program
US7730543B1 (en) 2003-06-30 2010-06-01 Satyajit Nath Method and system for enabling users of a group shared across multiple file security systems to access secured files
JP2005027220A (en) * 2003-07-02 2005-01-27 Sony Corp Communication method, its device, data processing method, and its device
US7703140B2 (en) 2003-09-30 2010-04-20 Guardian Data Storage, Llc Method and system for securing digital assets using process-driven security policies
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US7930757B2 (en) * 2003-10-31 2011-04-19 Adobe Systems Incorporated Offline access in a document control system
US8627489B2 (en) * 2003-10-31 2014-01-07 Adobe Systems Incorporated Distributed document version control
US8108672B1 (en) 2003-10-31 2012-01-31 Adobe Systems Incorporated Transparent authentication process integration
KR101022465B1 (en) * 2003-11-13 2011-03-15 삼성전자주식회사 Method of copying and decrypting encrypted digital data and apparatus therefor
US7548624B2 (en) * 2004-01-16 2009-06-16 The Directv Group, Inc. Distribution of broadcast content for remote decryption and viewing
US7707427B1 (en) 2004-07-19 2010-04-27 Michael Frederick Kenrich Multi-level file digests
DE102004063964B4 (en) * 2004-10-20 2010-12-16 Vita-X Ag computer system
DE102004051296B3 (en) * 2004-10-20 2006-05-11 Compugroup Health Services Gmbh Computer system e.g. for medical patient cards, has reader for portable data medium for reading key and pointer of data medium with data coded with second key
US7995758B1 (en) 2004-11-30 2011-08-09 Adobe Systems Incorporated Family of encryption keys
KR20060107282A (en) * 2005-04-07 2006-10-13 엘지전자 주식회사 Data reproducing method, data recording/reproducing player and data transmitting method
US8761400B2 (en) * 2005-07-15 2014-06-24 Microsoft Corporation Hardware linked product key
US8832047B2 (en) 2005-07-27 2014-09-09 Adobe Systems Incorporated Distributed document version control
US20070061835A1 (en) * 2005-08-05 2007-03-15 Realnetworks, Inc. System and method for registering users and devices
US9325944B2 (en) 2005-08-11 2016-04-26 The Directv Group, Inc. Secure delivery of program content via a removable storage medium
EP1793606A1 (en) 2005-12-05 2007-06-06 Microsoft Corporation Distribution of keys for encryption/decryption
WO2007090466A1 (en) * 2006-02-08 2007-08-16 Vita-X Ag Computer system and method for storing data
US8775319B2 (en) 2006-05-15 2014-07-08 The Directv Group, Inc. Secure content transfer systems and methods to operate the same
EP2092745B1 (en) * 2006-11-20 2010-10-06 Ocilion IPTV Technologies GmbH Method for transmitting video files in a data network
US20080154775A1 (en) * 2006-12-22 2008-06-26 Nortel Networks Limited Re-encrypting encrypted content on a video-on-demand system
US9171419B2 (en) 2007-01-17 2015-10-27 Touchtunes Music Corporation Coin operated entertainment system
US9330529B2 (en) 2007-01-17 2016-05-03 Touchtunes Music Corporation Game terminal configured for interaction with jukebox device systems including same, and/or associated methods
US20080226078A1 (en) * 2007-03-12 2008-09-18 Microsoft Corporation Enabling recording and copying data
US9953481B2 (en) 2007-03-26 2018-04-24 Touchtunes Music Corporation Jukebox with associated video server
US8539233B2 (en) * 2007-05-24 2013-09-17 Microsoft Corporation Binding content licenses to portable storage devices
JP2009033411A (en) * 2007-07-26 2009-02-12 Sharp Corp Broadcast receiver and pay program providing system
US8332887B2 (en) 2008-01-10 2012-12-11 Touchtunes Music Corporation System and/or methods for distributing advertisements from a central advertisement network to a peripheral device via a local advertisement server
US10290006B2 (en) 2008-08-15 2019-05-14 Touchtunes Music Corporation Digital signage and gaming services to comply with federal and state alcohol and beverage laws and regulations
US9324064B2 (en) 2007-09-24 2016-04-26 Touchtunes Music Corporation Digital jukebox device with karaoke and/or photo booth features, and associated methods
IL188254A0 (en) * 2007-12-19 2008-11-03 Isaac J Labaton Memory management method for the impovement of portable devices applications' security
US20090327091A1 (en) * 2008-06-26 2009-12-31 Microsoft Corporation License management for software products
US8849435B2 (en) 2008-07-09 2014-09-30 Touchtunes Music Corporation Digital downloading jukebox with revenue-enhancing features
JP2010021888A (en) * 2008-07-11 2010-01-28 Toshiba Corp Communication apparatus, key server, and management server
JP5872289B2 (en) * 2008-11-20 2016-03-01 コーニンクレッカ フィリップス エヌ ヴェKoninklijke Philips N.V. Method and apparatus for managing digital content
JP5404030B2 (en) * 2008-12-26 2014-01-29 デジタルア−ツ株式会社 Electronic file transmission method
GB2467580B (en) * 2009-02-06 2013-06-12 Thales Holdings Uk Plc System and method for multilevel secure object management
US9292166B2 (en) 2009-03-18 2016-03-22 Touchtunes Music Corporation Digital jukebox device with improved karaoke-related user interfaces, and associated methods
US10719149B2 (en) 2009-03-18 2020-07-21 Touchtunes Music Corporation Digital jukebox device with improved user interfaces, and associated methods
KR101748448B1 (en) 2009-03-18 2017-06-16 터치튠즈 뮤직 코포레이션 Entertainment server and associated social networking services
US10564804B2 (en) 2009-03-18 2020-02-18 Touchtunes Music Corporation Digital jukebox device with improved user interfaces, and associated methods
US8763156B2 (en) 2009-07-10 2014-06-24 Disney Enterprises, Inc. Digital receipt for use with an interoperable keychest
US8755526B2 (en) * 2009-07-10 2014-06-17 Disney Enterprises, Inc. Universal file packager for use with an interoperable keychest
US10621518B2 (en) 2009-07-10 2020-04-14 Disney Enterprises, Inc. Interoperable keychest
WO2011039677A1 (en) * 2009-09-30 2011-04-07 Koninklijke Philips Electronics N.V. Methods and devices for managing content
WO2011094330A1 (en) 2010-01-26 2011-08-04 Touchtunes Music Corporation Digital jukebox device with improved user interfaces, and associated methods
US9197407B2 (en) 2011-07-19 2015-11-24 Cyberlink Corp. Method and system for providing secret-less application framework
US11151224B2 (en) 2012-01-09 2021-10-19 Touchtunes Music Corporation Systems and/or methods for monitoring audio inputs to jukebox devices
WO2014032707A1 (en) * 2012-08-29 2014-03-06 Siemens Convergence Creators Gmbh Method and system for assigning information contents
WO2015070070A1 (en) 2013-11-07 2015-05-14 Touchtunes Music Corporation Techniques for generating electronic menu graphical user interface layouts for use in connection with electronic devices
EP3123293A4 (en) 2014-03-25 2017-09-27 Touchtunes Music Corporation Digital jukebox device with improved user interfaces, and associated methods
CN104009839A (en) * 2014-06-16 2014-08-27 华中师范大学 Generating method for secret keys with user information
CN104091230A (en) * 2014-06-20 2014-10-08 安徽云盾信息技术有限公司 Product tracking method
US9565184B2 (en) * 2014-09-30 2017-02-07 Anthony Tan Digital certification analyzer temporary external secured storage
US9419965B2 (en) * 2014-09-30 2016-08-16 Anthony Tan Digital certification analyzer
EP3032453B1 (en) 2014-12-08 2019-11-13 eperi GmbH Storing data in a server computer with deployable encryption/decryption infrastructure
US10205710B2 (en) * 2015-01-08 2019-02-12 Intertrust Technologies Corporation Cryptographic systems and methods
WO2017004447A1 (en) * 2015-06-30 2017-01-05 Activevideo Networks, Inc. Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients
WO2017083985A1 (en) 2015-11-20 2017-05-26 Genetec Inc. Media streaming
US10372926B1 (en) * 2015-12-21 2019-08-06 Amazon Technologies, Inc. Passive distribution of encryption keys for distributed data stores

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09114787A (en) * 1995-10-23 1997-05-02 Nippon Telegr & Teleph Corp <Ntt> Method and system for information distribution
US5999629A (en) * 1995-10-31 1999-12-07 Lucent Technologies Inc. Data encryption security module
US5673316A (en) * 1996-03-29 1997-09-30 International Business Machines Corporation Creation and distribution of cryptographic envelope
US5864620A (en) * 1996-04-24 1999-01-26 Cybersource Corporation Method and system for controlling distribution of software in a multitiered distribution chain
US5862220A (en) * 1996-06-03 1999-01-19 Webtv Networks, Inc. Method and apparatus for using network address information to improve the performance of network transactions
US6073124A (en) * 1997-01-29 2000-06-06 Shopnow.Com Inc. Method and system for securely incorporating electronic information into an online purchasing application
JPH11126020A (en) * 1997-07-18 1999-05-11 Irdeto Bv Integrated circuit and safe data processing method employing the integrated circuit
AU1184999A (en) * 1997-09-05 1999-03-22 Librius, Inc. System for transmitting with encryption and displaying electronic books
JPH11266483A (en) * 1998-03-18 1999-09-28 Toshiba Corp Information delivery method and portable terminal equipment
JPH11328214A (en) * 1998-05-20 1999-11-30 Nippon Telegr & Teleph Corp <Ntt> Information retrieval and display method for multimedia merchandise and system
US6226618B1 (en) * 1998-08-13 2001-05-01 International Business Machines Corporation Electronic content delivery system
US20010016836A1 (en) * 1998-11-02 2001-08-23 Gilles Boccon-Gibod Method and apparatus for distributing multimedia information over a network
JP2000183867A (en) * 1998-12-15 2000-06-30 Hitachi Ltd Ciphering processor
AU2515800A (en) * 1999-01-26 2000-08-07 Infolio, Inc. Universal mobile id system and method for digital rights management
US7103574B1 (en) * 1999-03-27 2006-09-05 Microsoft Corporation Enforcement architecture and method for digital rights management
JP2000330873A (en) * 1999-05-18 2000-11-30 M Ken:Kk Contents distribution system, method therefor and recording medium
WO2000075787A1 (en) * 1999-06-05 2000-12-14 Hyo Joon Park Digital product license control system based on independent digital product registration server
US6636966B1 (en) * 2000-04-03 2003-10-21 Dphi Acquisitions, Inc. Digital rights management within an embedded storage device

Also Published As

Publication number Publication date
US20020162104A1 (en) 2002-10-31
DE60228509D1 (en) 2008-10-02
DE60210938D1 (en) 2006-06-01
EP1371170B1 (en) 2006-04-26
EP1371170A4 (en) 2004-06-16
DE60210938T2 (en) 2006-11-16
ATE324721T1 (en) 2006-05-15
JP2008252956A (en) 2008-10-16
EP1371170A1 (en) 2003-12-17
US7076067B2 (en) 2006-07-11
JP2004529534A (en) 2004-09-24
WO2002067548A1 (en) 2002-08-29

Similar Documents

Publication Publication Date Title
JP4750348B2 (en) Managing keys for encrypted media
US7757299B2 (en) Conditional access to digital rights management conversion
US6996544B2 (en) Multiple party content distribution system and method with rights management features
US11586753B2 (en) Secure content access system
US20040019801A1 (en) Secure content sharing in digital rights management
US20050262573A1 (en) Content presentation
US20030140257A1 (en) Encryption, authentication, and key management for multimedia content pre-encryption
US20090016533A1 (en) Controlling With Rights Objects Delivery Of Broadcast Encryption Content For A Network Cluster From A Content Server Outside The Cluster
JP2004048687A (en) System and method for secure distribution of digital content via network
JP2008500589A (en) Secure communication with changing identifiers and watermarking in real time
MX2007003228A (en) System and method for providing authorized access to digital content.
JP2012069141A (en) Use of media storage structure with pieces of a plurality of contents of content distribution system
US20110069836A1 (en) Off-line content delivery system with layered encryption
CN101160965B (en) Method of implementing preview of network TV program, encryption device, copyright center system and subscriber terminal equipment
WO2003081499A1 (en) License management method and license management apparatus
US20070050293A1 (en) Method and apparatus for distributing content to a client device
EP1667355B1 (en) Encrypted media key management
JPH10333769A (en) Multi-media data distribution system and multi-media data reproduction terminal
WO2002001799A2 (en) Method and apparatus for securely managing membership in group communications
JP2002204228A (en) Device and method for distributing contents, and program and device for downloading contents
JP2004013564A (en) Viewing frequency restricted contents generating device, viewing frequency restricted contents reproducing device and its program, viewing frequency restricted contents distributing method and its program
JP2001350727A (en) Contents distribution system
JP4159818B2 (en) Content distribution apparatus, content distribution method, content distribution program, and recording medium
JP2004320623A (en) Streaming content distributing system, method, program, and computer readable medium
JP2002374518A (en) Distribution system

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20050216

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20070807

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20071107

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20071114

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20071207

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20071214

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20080107

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20080115

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20080207

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20080321

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20080718

A911 Transfer to examiner for re-examination before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20081002

A912 Re-examination (zenchi) completed and case transferred to appeal board

Free format text: JAPANESE INTERMEDIATE CODE: A912

Effective date: 20081226

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20100720

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20100723

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20100820

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20100826

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20110126

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20110131

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20110228

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20110304

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20110328

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110519

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

Ref document number: 4750348

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140527

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140527

Year of fee payment: 3

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140527

Year of fee payment: 3

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R371 Transfer withdrawn

Free format text: JAPANESE INTERMEDIATE CODE: R371

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

EXPY Cancellation because of completion of term